# beijing-policy.hcl
path "secret/data/beijing/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}

path "transit/encrypt/beijing-key" {
  capabilities = ["update"]
}

path "transit/decrypt/beijing-key" {
  capabilities = ["update"]
}

path "database/creds/beijing-role" {
  capabilities = ["read"]
}